I'm trying to restrict access to our RavenDB to only one user. After altering the settings to secure the DB, I can still access the RavenDB management studio and I'm not sure why. I'm running RavenDB as a Windows service, and I'm using build 573.
This is my Raven.Server.exe.config:
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <appSettings>
        <add key="Raven/Port" value="*"/>
        <add key="Raven/DataDir" value="~\Data"/>
        <add key="Raven/AnonymousAccess" value="None"/> <!-- Settings are Get, All, None -->
        <add key="Raven/Authorization/Windows/RequiredUsers" value="FS-6103\PrestoDatabaseUser"/>
        <add key="Raven/MaxPageSize" value="2147483647"/>
      </appSettings>
      <runtime>
        <loadFromRemoteSources enabled="true"/>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
          <probing privatePath="Analyzers"/>
        </assemblyBinding>
      </runtime>
    </configuration>
If I'm only allowing FS-6103\PrestoDatabaseUser, why am I able to still connect to the management studio remotely? I'm logged in as my Windows AD account. I can even modify documents, which is exactly what I'm trying to prevent. Am I missing a setting?
You say you are on build 573? That's very old. According to the release history it was published on 12/15/2011. There is a commit dated 2/22/2012 that says "Change Authorization to return 403 if user is not in group or users list". That's probably a fix that you need.
I would update to at least the last stable build - 1.0.960 and see if your issue persists.
If you're not in a production environment, now would be a good time to move to 2.0 unstable.
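A check to run after upgrading, as an added example (not code from either post or from the RavenDB project): run from a session of an account that is not in `Raven/Authorization/Windows/RequiredUsers`, it sends one read-only request with that account's Windows credentials and reports whether the server let it through. The server URL and the probe document id are placeholders, and the script assumes `Raven/AnonymousAccess` is `None` as in the config above, so that even a GET needs authorization, and that the server authorizes before looking up the document.

```powershell
# Added example: does the RavenDB server let the CURRENT Windows account through?
# Assumptions: $ServerUrl and $ProbeId are placeholders; GET /docs/<id> is the
# document endpoint of RavenDB's HTTP API; Raven/AnonymousAccess is None.
param(
    [string]$ServerUrl = 'http://localhost:8080',       # placeholder: your server's URL
    [string]$ProbeId   = 'authz-probe/does-not-exist'   # hypothetical id that should not exist
)

function Get-AccessVerdict {
    param([int]$StatusCode)
    switch ($StatusCode) {
        { $_ -in 401, 403 }            { 'DENIED';  break }  # rejected by authorization
        { $_ -eq 404 }                 { 'ALLOWED'; break }  # passed authorization, doc missing
        { $_ -ge 200 -and $_ -lt 300 } { 'ALLOWED'; break }  # passed authorization, doc returned
        default                        { 'UNKNOWN' }
    }
}

function Get-RavenStatus {
    param([string]$Uri)
    try {
        # -UseDefaultCredentials sends the logged-on account's Windows credentials.
        $resp = Invoke-WebRequest -Uri $Uri -Method Get -UseDefaultCredentials -UseBasicParsing
        return [int]$resp.StatusCode
    } catch {
        $r = $_.Exception.Response
        if ($null -eq $r) { throw }    # no HTTP response at all (DNS failure, refused connection)
        return [int]$r.StatusCode      # non-2xx responses surface here as exceptions
    }
}

$status  = Get-RavenStatus -Uri "$ServerUrl/docs/$ProbeId"
$verdict = Get-AccessVerdict -StatusCode $status
'{0}\{1} -> HTTP {2} -> {3}' -f $env:USERDOMAIN, $env:USERNAME, $status, $verdict

# A non-listed account must be DENIED; anything else fails the check.
if ($verdict -ne 'DENIED') { exit 1 }
```

Run the same script as the listed account to confirm it is still let through; there the expected verdict is `ALLOWED` and the non-zero exit code can be ignored.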